Description:
A buffer overflow vulnerability was reported in libpng. A remote user may be able to cause arbitrary code to be executed by an application using libpng.

The vendor reported that libpng contains a buffer overflow vulnerability similar to that reported in CVE CAN-2002-1363. The software does not properly calculate buffer offsets, which may allow for remote code execution.

The vendor has indicated that this flaw is "quite serious."

Impact:
A remote or local user may be able to cause arbitrary code to be executed by an application using libpng. The specific impact depends on the application using libpng.

Solution:
The vendor has issued a fixed version (libpng 1.2.6rc1, libpng-1.0.16rc1), available at:

Debian reported that libpng contains a buffer overflow vulnerability similar to that
reported in CVE CAN-2002-1363. The software does not properly calculate buffer offsets,
which may allow for remote code execution.
CVE: CAN-2004-0768